infosecn1nja
/
DeTTECT
mirror of https://github.com/infosecn1nja/DeTTECT.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DeTTECT/sample-data/techniques-administration-e...

3190 lines
62 KiB
YAML
Raw Blame History

version: 1.2
file_type: technique-administration
name: example
platform: [Windows, Azure, Azure AD, Office 365]
techniques:
# - Note that detection and visibility are independent from each other.
# Meaning that detection could be left blank and only have visibility filled in.
# - Also note that the below serves purely as an example and is therefore not accurate on all areas.
#
# - If desired you are free to add any key-value pairs. This will not impact the functionality of the tool.
- technique_id: T1222
technique_name: File Permissions Modification
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1218.001
technique_name: Compiled HTML File
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1221
technique_name: Template Injection
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
- technique_id: T1220
technique_name: XSL Script Processing
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1217
technique_name: Browser Bookmark Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1218.002
technique_name: Control Panel
detection:
applicable_to: [client endpoints]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1552.002
technique_name: Credentials in Registry
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1189
technique_name: Drive-by Compromise
detection:
applicable_to: [all]
location: [SIEM UC 123, Tool Model Y]
comment: ''
score_logbook:
- date: 2019-08-05
score: 3
comment: This detection was improved due to the availability of the new log
source Process use of network
- date: 2018-11-01
score: 1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1203
technique_name: Exploitation for Client Execution
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1210
technique_name: Exploitation of Remote Services
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1211
technique_name: Exploitation for Defense Evasion
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1202
technique_name: Indirect Command Execution
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1212
technique_name: Exploitation for Credential Access
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1201
technique_name: Password Policy Discovery
detection:
applicable_to: [domain controllers]
location:
- Third party product A
comment: ''
score_logbook:
- date: 2017-01-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1218.003
technique_name: CMSTP
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1219
technique_name: Remote Access Software
detection:
applicable_to: [all]
location:
- Third party product A
comment: ''
score_logbook:
- date: 2017-01-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 3
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1553.003
technique_name: SIP and Trust Provider Hijacking
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1218
technique_name: Signed Binary Proxy Execution
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1566.001
technique_name: Spearphishing Attachment
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1216
technique_name: Signed Script Proxy Execution
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1566.002
technique_name: Spearphishing Link
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1547.003
technique_name: Time Providers
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1195
technique_name: Supply Chain Compromise
detection:
applicable_to: [all]
location:
- Third party product A
comment: ''
score_logbook:
- date: 2017-01-01
score: 2
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1566.003
technique_name: Spearphishing via Service
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 4
comment: ''
auto_generated: true
- technique_id: T1204
technique_name: User Execution
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 0
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1546.009
technique_name: AppCert DLLs
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1176
technique_name: Browser Extensions
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1021.003
technique_name: Distributed Component Object Model
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1559.001
technique_name: Component Object Model
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1185
technique_name: Man in the Browser
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1556.002
technique_name: Password Filter DLL
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1218.005
technique_name: Mshta
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1557.001
technique_name: LLMNR/NBT-NS Poisoning and SMB Relay
detection:
- applicable_to: [client endpoints]
location:
- Third party product A
comment: |
This comment will be
multiline in
Excel
score_logbook:
- date: 2017-01-01
score: 2
comment: ''
- applicable_to: [servers]
location:
- Model I
comment: ''
score_logbook:
- date: 2019-05-01
score: 3
comment: ''
visibility:
- applicable_to: [client endpoints]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
- applicable_to: [servers]
comment: |
This comment will be
multiline in
Excel
score_logbook:
- date: 2019-03-01
score: 3
comment: ''
- technique_id: T1559.002
technique_name: Dynamic Data Exchange
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1055.011
technique_name: Extra Window Memory Injection
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1056.004
technique_name: Credential API Hooking
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1055.013
technique_name: Process Doppelgänging
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1090.004
technique_name: Domain Fronting
detection:
applicable_to: [all]
location:
- Model A
comment: ''
score_logbook:
- date: 2018-08-01
score: 5
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 4
comment: ''
- technique_id: T1546.012
technique_name: Image File Execution Options Injection
detection:
applicable_to: [all]
location: [Tool]
comment: ''
score_logbook:
- date: 2018-11-01
score: 2
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
- technique_id: T1547.008
technique_name: LSASS Driver
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1546.002
technique_name: Screensaver
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1134
technique_name: Access Token Manipulation
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1546.011
technique_name: Application Shimming
detection:
applicable_to: [all]
location: [SIEM]
comment: ''
score_logbook:
- date: 2018-12-01
score: 1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1140
technique_name: Deobfuscate/Decode Files or Information
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1136
technique_name: Create Account
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1137
technique_name: Office Application Startup
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1564.001
technique_name: Hidden Files and Directories
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1135
technique_name: Network Share Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1132
technique_name: Data Encoding
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1547.002
technique_name: Authentication Package
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1129
technique_name: Shared Modules
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1546.007
technique_name: Netsh Helper DLL
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1127
technique_name: Trusted Developer Utilities Proxy Execution
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
- technique_id: T1551.005
technique_name: Network Share Connection Removal
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1125
technique_name: Video Capture
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1124
technique_name: System Time Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1123
technique_name: Audio Capture
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1546.015
technique_name: Component Object Model Hijacking
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1218.009
technique_name: Regsvcs/Regasm
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1218.004
technique_name: InstallUtil
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1218.010
technique_name: Regsvr32
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1114
technique_name: Email Collection
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1113
technique_name: Screen Capture
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1112
technique_name: Modify Registry
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1111
technique_name: Two-Factor Authentication Interception
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1542.002
technique_name: Component Firmware
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1106
technique_name: Native API
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1105
technique_name: Ingress Tool Transfer
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1546.010
technique_name: AppInit DLLs
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1102
technique_name: Web Service
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1547.005
technique_name: Security Support Provider
detection:
applicable_to: [all]
location: [SIEM UC 789]
comment: ''
score_logbook:
- date: 2018-11-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 3
comment: ''
- technique_id: T1505.003
technique_name: Web Shell
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1551.006
technique_name: Timestomp
detection:
applicable_to: [all]
location: [Tool Model X]
comment: ''
score_logbook:
- date: 2018-11-01
score: 2
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 4
comment: ''
- technique_id: T1095
technique_name: Non-Application Layer Protocol
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 3
comment: ''
- technique_id: T1055.012
technique_name: Process Hollowing
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1090
technique_name: Proxy
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1562.001
technique_name: Disable or Modify Tools
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1548.002
technique_name: Bypass User Access Control
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1087
technique_name: Account Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1059.001
technique_name: PowerShell
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
- technique_id: T1218.011
technique_name: Rundll32
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1083
technique_name: File and Directory Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1082
technique_name: System Information Discovery
detection:
applicable_to: [all]
location:
- Third party product A
comment: ''
score_logbook:
- date: 2017-01-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1080
technique_name: Taint Shared Content
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1078
technique_name: Valid Accounts
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1021.002
technique_name: SMB/Windows Admin Shares
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: 2018-10-01
score: 0
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1021.001
technique_name: Remote Desktop Protocol
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1074
technique_name: Data Staged
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1574.002
technique_name: DLL Side-Loading
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1072
technique_name: Software Deployment Tools
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1071
technique_name: Application Layer Protocol
detection:
applicable_to: [all]
location: [SIEM UC 123]
comment: ''
score_logbook:
- date: 2018-11-01
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
- technique_id: T1551
technique_name: Indicator Removal on Host
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1069
technique_name: Permission Groups Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1068
technique_name: Exploitation for Privilege Escalation
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1027.005
technique_name: Indicator Removal from Tools
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1059.004
technique_name: Bash
detection:
applicable_to: [all]
location: [EDR, AV Product]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1059.005
technique_name: VBScript
detection:
applicable_to: [all]
location: [EDR, AV Product]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1059.006
technique_name: Python
detection:
applicable_to: [all]
location: [EDR, AV Product]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1518.001
technique_name: Security Software Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1547.001
technique_name: Registry Run Keys / Startup Folder
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1059
technique_name: Command and Scripting Interpreter
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1574.011
technique_name: Services Registry Permissions Weakness
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1057
technique_name: Process Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1056
technique_name: Input Capture
detection:
applicable_to: [client endpoints]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1055
technique_name: Process Injection
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1562.006
technique_name: Indicator Blocking
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1053
technique_name: Scheduled Task/Job
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1049
technique_name: System Network Connections Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1048
technique_name: Exfiltration Over Alternative Protocol
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1047
technique_name: Windows Management Instrumentation
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1571
technique_name: Non-Standard Port
detection:
applicable_to: [all]
location:
- Model B
comment: ''
score_logbook:
- date: 2018-10-01
score: 5
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 3
comment: ''
auto_generated: true
- technique_id: T1546.001
technique_name: Change Default File Association
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1041
technique_name: Exfiltration Over C2 Channel
detection:
applicable_to: [all]
location:
- Third party product A
comment: ''
score_logbook:
- date: 2017-01-01
score: 2
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1040
technique_name: Network Sniffing
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1039
technique_name: Data from Network Shared Drive
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1574.001
technique_name: DLL Search Order Hijacking
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1037
technique_name: Boot or Logon Initialization Scripts
detection:
applicable_to: [all]
location:
- Model F
comment: ''
score_logbook:
- date: 2018-05-07
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1036
technique_name: Masquerading
detection:
applicable_to: [all]
location: [Model C]
comment: ''
score_logbook:
- date: 2018-02-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1569.002
technique_name: Service Execution
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1574.007
technique_name: Path Interception by PATH Environment Variable
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1574.008
technique_name: Path Interception by Search Order Hijacking
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1574.009
technique_name: Path Interception by Unquoted Path
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1033
technique_name: System Owner/User Discovery
detection:
applicable_to: [all]
location:
- Third party product A
comment: ''
score_logbook:
- date: 2017-01-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1543.003
technique_name: Existing Service
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1030
technique_name: Data Transfer Size Limits
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1029
technique_name: Scheduled Transfer
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1021.006
technique_name: Windows Remote Management
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1027
technique_name: Obfuscated Files or Information
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1025
technique_name: Data from Removable Media
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1573
technique_name: Encrypted Channel
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 0
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1547.009
technique_name: Shortcut Modification
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1020
technique_name: Automated Exfiltration
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1018
technique_name: Remote System Discovery
detection:
applicable_to: [all]
location:
- Third party product A
comment: ''
score_logbook:
- date: 2017-01-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1016
technique_name: System Network Configuration Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1546.008
technique_name: Accessibility Features
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1547.010
technique_name: Port Monitors
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1012
technique_name: Query Registry
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1011
technique_name: Exfiltration Over Other Network Medium
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1010
technique_name: Application Window Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1008
technique_name: Fallback Channels
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1007
technique_name: System Service Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1005
technique_name: Data from Local System
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1547.004
technique_name: Winlogon Helper DLL
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1003
technique_name: OS Credential Dumping
detection:
applicable_to: [all]
location: [EDR]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1560
technique_name: Archive Collected Data
detection:
applicable_to: [all]
location:
- Model E
comment: ''
score_logbook:
- date: 2017-10-10
score: 2
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1001
technique_name: Data Obfuscation
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1485
technique_name: Data Destruction
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1486
technique_name: Data Encrypted for Impact
detection:
applicable_to: [all]
location:
- Model J
comment: ''
score_logbook:
- date: 2015-01-01
score: 4
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 3
comment: ''
- technique_id: T1561.001
technique_name: Disk Content Wipe
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1499
technique_name: Endpoint Denial of Service
detection:
applicable_to: [websites]
location:
- Third party
comment: ''
score_logbook:
- date: 2015-01-01
score: 5
comment: ''
visibility:
applicable_to: [websites]
comment: ''
score_logbook:
- date: 2019-03-01
score: 4
comment: ''
- technique_id: T1490
technique_name: Inhibit System Recovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1498
technique_name: Network Denial of Service
detection:
applicable_to: [websites]
location:
- Third party
comment: ''
score_logbook:
- date: 2015-01-01
score: 5
comment: ''
visibility:
applicable_to: [websites]
comment: ''
score_logbook:
- date: 2019-03-01
score: 4
comment: ''
- technique_id: T1496
technique_name: Resource Hijacking
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1565.003
technique_name: Runtime Data Manipulation
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1489
technique_name: Service Stop
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1027.004
technique_name: Compile After Delivery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1568.002
technique_name: Domain Generation Algorithms
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1482
technique_name: Domain Trust Discovery
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1480
technique_name: Execution Guardrails
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 4
comment: ''
auto_generated: true
- technique_id: T1497
technique_name: Virtualization/Sandbox Evasion
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1187
technique_name: Forced Authentication
detection:
applicable_to:
- all
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to:
- all
comment: ''
score_logbook:
- date: 2019-07-30
score: 1
comment: 'New data source: Process use of network'
auto_generated: true
- technique_id: T1056.002
technique_name: GUI Input Capture
detection:
applicable_to:
- all
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to:
- all
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- technique_id: T1104
technique_name: Multi-Stage Channels
detection:
applicable_to:
- all
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to:
- all
comment: ''
score_logbook:
- date: 2019-07-30
score: 1
comment: 'New data source: Process use of network'
auto_generated: true
- technique_id: T1046
technique_name: Network Service Scanning
detection:
applicable_to:
- all
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to:
- all
comment: ''
score_logbook:
- date: 2019-07-30
score: 1
comment: 'New data source: Process use of network'
auto_generated: true
Reference in New Issue View Git Blame Copy Permalink